KR101768082B1 - Securing method for protecting the ransomware - Google Patents
Securing method for protecting the ransomware
- Publication number
- KR101768082B1
- Authority
- KR
- South Korea
- Prior art keywords
- module
- backup
- file
- follow
- target file
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Quality & Reliability (AREA)
- Virology (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a security method against ransomware that protects files from ransomware, which restricts a user's access by converting files stored on network-based computers and mobile terminals without authorization and then demands money or information. The method comprises: a checking step of confirming, from the OS, the request function of a process and the target file of the process; a backup step of comparing the request function with a designated function and, when the request function is confirmed to be a designated function, backing up the target file and storing the backup file in the storage module; an interruption step in which the checking module compares the backup amount of the backup module with a threshold value and stops the process when the backup amount exceeds the threshold value; a query step in which the follow-up process module confirms, through the checking module, the execution program and target file of the suspended process and outputs a query window displaying the execution program name and the target file name; and a process termination step of terminating the interrupted process, or terminating both the process and the program, when the follow-up process module receives an input signal rejecting continuation of the process.
Description
The present invention relates to a security method for protecting files from ransomware, which restricts a user's access by converting files stored on network-based computers and mobile terminals without permission and then demands money or information.
Currently, data processing technologies of computers and mobile terminals (hereinafter referred to as "network terminals") and network technologies of the Internet and Ethernet (hereinafter referred to as "communication networks") have been developed.
However, the large amount of information handled by network terminals and communication networks includes not only information desired by the user but also malicious code such as computer viruses, spyware, and adware spread by malicious attackers. Such malicious code can damage the network terminal or cause data loss, or cause the terminal to perform operations the user does not want. Accordingly, efforts and techniques for monitoring such malicious code and blocking its effect on network terminals are continuously being pursued and developed.
The conventional security apparatus stores malicious code patterns in a DB in advance in order to detect malicious code activity and, periodically or on the user's command, checks whether a pattern held in the DB is present in all files on a network terminal (including a server) or at a given location (a drive, a directory, etc.). However, the conventional security device wastes considerable time and resources because it searches, without discrimination, a large number of unspecified files currently stored on the network terminal. In addition, the conventional security device only determines whether a file contains malicious code at the time of the search. As techniques for creating and activating malicious code have advanced, code has also been developed that is inactive, or is not itself malicious, at a given point in time, but begins acting as malicious code when certain data processing is performed or at a certain point in time.
Meanwhile, among malicious code, a type called "ransomware" has been developed, which forcibly converts files on a network terminal so that the user cannot access them and demands money or information when the user attempts to access a file. Because it makes financial or informational demands, ransomware is regarded as the worst kind of malicious code.
Therefore, security devices such as vaccine programs capable of protecting a user's files from ransomware have been under continuous development.
However, because ransomware is easily upgraded, the security device had to be updated frequently, and a network terminal whose security device had not been updated was easily infected with ransomware, causing serious damage.
As a result, there is an urgent need for a security device that can prevent ransomware activity and protect data without requiring the security device to be updated.
Prior Art Document 1. Patent Publication No. 10-2008-0010003 (published on January 30, 2008)
SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems, and an object of the present invention is to provide a security method against ransomware that protects the files stored on a network terminal from unauthorized conversion.
According to an aspect of the present invention, there is provided a security method corresponding to ransomware, comprising:
A checking step in which the checking module checks the request function of a process and the target file of the process;
A backup step of comparing the request function with a designated function and, when the request function is confirmed to be a designated function, backing up the target file and storing the backup file in the storage module;
An interruption step in which the checking module compares the backup amount of the backup module with a threshold value and stops the process when the backup amount exceeds the threshold value;
A query step in which the follow-up process module confirms, through the checking module, the execution program and target file of the suspended process and outputs a query window displaying the execution program name and the target file name; and
A process termination step of terminating the interrupted process, or terminating both the process and the program, when the follow-up process module receives an input signal rejecting continuation of the process.
The present invention as described above detects changes to a stored file such as deletion, modification, and renaming, backs up the targeted file, and temporarily interrupts the process, so that files stored on the network terminal can be safely protected from the threat of ransomware even if the terminal's security device is not updated.
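The check, backup, threshold, query and termination steps listed above, together with the restore of backed-up files that the claims add, can be modelled in a few lines. This is an added illustration, not code from the patent: the in-memory file table, the names `Guard`, `DESIGNATED` and `demo`, the per-process byte threshold, and resetting the backup count after the user approves are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

# Assumed "designated functions": the change operations the text names.
DESIGNATED = {"write", "delete", "rename"}

@dataclass
class Guard:
    files: dict                              # path -> bytes, stand-in for the file system
    threshold: int                           # assumed unit: bytes backed up per process
    ask_user: Callable[[str, str], bool]     # query window: (program, target) -> continue?
    backups: dict = field(default_factory=dict)   # pid -> {path: pre-change bytes}
    created: dict = field(default_factory=dict)   # pid -> paths the process created
    queries: list = field(default_factory=list)   # every query shown to the user
    terminated: set = field(default_factory=set)

    def request(self, pid, program, func, path, arg=None):
        """Checking step: examine one request function and its target file."""
        if pid in self.terminated:
            return "blocked"
        if func in DESIGNATED and path in self.files:
            # Backup step: keep the first (pre-change) copy of each target file.
            saved = self.backups.setdefault(pid, {})
            saved.setdefault(path, self.files[path])
            amount = sum(len(blob) for blob in saved.values())
            # Interruption and query steps: hold the request and ask the user.
            if amount > self.threshold:
                self.queries.append((program, path))
                if not self.ask_user(program, path):
                    return self._terminate(pid)
                saved.clear()                # assumption: approval resets the count
        self._apply(pid, func, path, arg)
        return "done"

    def _apply(self, pid, func, path, arg):
        made = self.created.setdefault(pid, set())
        if func == "write":
            if path not in self.files:
                made.add(path)
            self.files[path] = arg
        elif func == "delete":
            self.files.pop(path, None)
        elif func == "rename" and path in self.files:
            self.files[arg] = self.files.pop(path)
            made.add(arg)

    def _terminate(self, pid):
        """Termination step, followed by the restore described in the claims."""
        self.terminated.add(pid)
        for path in self.created.pop(pid, set()):
            self.files.pop(path, None)       # drop renamed or newly written copies
        self.files.update(self.backups.pop(pid, {}))
        return "terminated"

def demo():
    # Constructed scenario: three small documents, an editor and an unknown process.
    original = {"a.doc": b"quarterly report", "b.doc": b"meeting notes!!", "c.doc": b"budget"}
    g = Guard(dict(original), threshold=20, ask_user=lambda program, target: False)
    results = [g.request(7, "editor.exe", "write", "c.doc", b"budget v2")]
    for name in ("a.doc", "b.doc"):
        results.append(g.request(42, "unknown.exe", "write", name, b"\x00" * 16))
        results.append(g.request(42, "unknown.exe", "rename", name, name + ".locked"))
    return g.files, original, g.queries, results
```

The model assumes a rename destination does not already exist; an interceptor that allowed overwriting renames would need to back up the destination as well.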
FIG. 1 is a block diagram showing an embodiment of a security device in which a security method according to the present invention is performed.
FIG. 2 is a flowchart sequentially showing an embodiment of a security method according to the present invention.
FIG. 3 is a view schematically showing an embodiment of a process of confirming a file change with the user through a query window in the security method according to the present invention.
FIG. 4 is a flowchart showing another embodiment of the security method according to the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS The above and other features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings. The present invention is capable of various modifications and various forms, and specific embodiments are illustrated in the drawings and described in detail in the text. It should be understood, however, that the invention is not intended to be limited to the particular forms disclosed, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a block diagram illustrating an embodiment of a security apparatus according to the present invention. Referring to FIG.
The
The
As described above, the
The
FIG. 2 is a flowchart sequentially illustrating an exemplary embodiment of a security method according to the present invention, and FIG. 3 schematically illustrates an example of a process of confirming a file change with the user through a query window in the security method according to the present invention. The method is described below with reference to these drawings.
S10; Process Verification Steps
The
In the present embodiment, the
S21, 22; The request function validation and backup step (S20)
The
In addition, the
On the other hand, the
S31, 32; The change function process interruption step (S30)
If the backup size of the
As described above, when the
The
On the other hand, when the
S40; Query step
The follow-up
When the process
This query window states that "HANCOAM" is trying to rename the '.doc' file, asks whether to initiate the change, and waits for the user's answer. On the other hand, the checking
When a file change results from the user's own choice, the window of the program that executes the file is shown on the output means. When the file change is not the user's choice, the desktop or the window of a program unrelated to the file is shown instead. Accordingly, the present embodiment shows the query window displayed on an output means that is showing a web page.
Subsequently, the follow-up
S50; Process end step
The follow-up
The query window shown in FIG. 3 (b) is output when the user rejects continuation of the process by clicking the 'reject' button in the previous query window, and it confirms the termination of the process. The present embodiment may also terminate the program that generated the process being ended, and may output a selection button that lets the user check that program. For reference, the program check can be performed through the 'program installation / removal' menu operated by the
S60; Process follow-up step
The follow-up
As shown in FIG. 3 (c), the follow-up
FIG. 4 is a flow chart illustrating another embodiment of the security method according to the present invention. Referring to FIG.
The security method of the present embodiment further includes a security setting step S05 for setting variable values for implementing the
S05; Steps to set security
The target file to be protected from Ransomware may be different for each user. To this end, the
In addition, the
In addition, the
Subsequently, the
The
More specifically, the
While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (5)
A backup step of comparing the request function with a designated function, and when the request function is confirmed as a designated function, backing up the target file and storing the backup file in the storage module;
Wherein the checking module compares a backup amount of the backup module with a threshold value, and stops the process when the backup amount exceeds a threshold value;
A query step in which the follow-up process module confirms, through the checking module, the execution program and target file of the suspended process and outputs a query window displaying the execution program name and the target file name; and
A process termination step of terminating the interrupted process, or terminating both the process and the program, when the follow-up process module receives an input signal rejecting continuation of the process, and restoring the backup file of the storage module after the interrupt process module finishes the process;
The security method corresponding to the ransomware.
The backup step further comprises the access control module decrypting the encrypted storage module so that the backup module can store the backup file in the storage module, and the access control module encrypting the storage module once the backup file has been stored in the storage module;
The security method corresponding to the ransomware.
A process follow-up step of, when the follow-up processing module receives the input signal for the process follow-up, releasing the interruption of the process through the checking module and continuing execution of the change function;
Further comprising the steps of:
Wherein the step of continuing the process comprises the steps of: outputting the result of the change of the following process to the query window of the follow-up process module;
Further comprising the steps of:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150176971A KR101768082B1 (en) | 2015-12-11 | 2015-12-11 | Securing method for protecting the ransomware |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150176971A KR101768082B1 (en) | 2015-12-11 | 2015-12-11 | Securing method for protecting the ransomware |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170069584A | 2017-06-21 |
KR101768082B1 | 2017-08-14 |
Family
ID=59282139
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150176971A KR101768082B1 (en) | 2015-12-11 | 2015-12-11 | Securing method for protecting the ransomware |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101768082B1 (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190074840A (en) | 2017-12-20 | 2019-06-28 | 단국대학교 산학협력단 | System and Method for Preventing Ransomware using File System Journaling |
KR101889841B1 (en) | 2018-02-20 | 2018-08-21 | (주)지란지교시큐리티 | Content firewall for security of multimedia file, security system of content and recording medium |
KR20210001057A (en) | 2019-06-26 | 2021-01-06 | 주식회사 엠시큐어 | Method for detecting and blocking ransomware |
KR102262679B1 (en) | 2019-09-03 | 2021-06-09 | (주)지란지교시큐리티 | System and method for security of multimedia file and computer-readable recording medium |
KR102343406B1 (en) * | 2020-05-06 | 2021-12-24 | 원유준 | Apparatus and computer program for protecting data files |
KR102262688B1 (en) | 2020-10-29 | 2021-06-09 | (주)지란지교시큐리티 | Recording medium |
KR102262680B1 (en) | 2020-10-29 | 2021-06-09 | (주)지란지교시큐리티 | Multimedia file security method and recording medium |
KR102320387B1 (en) | 2020-11-16 | 2021-11-03 | (주)지란지교시큐리티 | Computing apparatus for multimedia file security, multimedia file security method and recording medium |
KR102303930B1 (en) | 2020-11-26 | 2021-09-24 | (주)지란지교시큐리티 | System for multimedia file security, multimedia file security method and recording medium |
KR102412298B1 (en) | 2021-12-28 | 2022-06-23 | (주)지란지교시큐리티 | System for multimedia file security, operating method thereof and recording medium |
-
2015
- 2015-12-11 KR KR1020150176971A patent/KR101768082B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
KR20170069584A (en) | 2017-06-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101768082B1 (en) | Securing method for protecting the ransomware | |
EP3855330A1 (en) | Protection and recovery of backup storage systems from ransomware attacks | |
EP3479280B1 (en) | Ransomware protection for cloud file storage | |
US10289845B2 (en) | Protecting backup files from malware | |
RU2617631C2 (en) | Method for detection working malicious software runned from client, on server | |
EP3132373B1 (en) | Systems and methods for security management of multi-client based distributed storage | |
US20170324755A1 (en) | Method and System for Mitigating the Effects of Ransomware | |
US9633214B2 (en) | Self-removal of enterprise app data | |
US8776236B2 (en) | System and method for providing storage device-based advanced persistent threat (APT) protection | |
WO2015050620A2 (en) | Method and system for backing up and restoring a virtual file system | |
US11601281B2 (en) | Managing user profiles securely in a user environment | |
US20180026986A1 (en) | Data loss prevention system and data loss prevention method | |
CN114546582A (en) | Licensing for backup-related operations | |
CN114556869A (en) | Key management for encrypted data | |
KR20130093775A (en) | Apparatus, method, terminal and system for recovery protection of system files | |
US8108935B1 (en) | Methods and systems for protecting active copies of data | |
US9990493B2 (en) | Data processing system security device and security method | |
KR101429131B1 (en) | Device and method for securing system | |
RU2622630C2 (en) | System and method of modified data recovery | |
CN109145599B (en) | Protection method for malicious viruses | |
JP2017204173A (en) | Data protection program, data protection method, and data protection system | |
US10503898B2 (en) | Method for defending against malware | |
JP4801777B2 (en) | Authentication processing system, authentication processing method, and program | |
KR20230009343A (en) | File server data protection method and apparatus capable of changing file or file attribute according to file event occurrence of file server | |
JP2019135577A (en) | Control program, control method, and information processing device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |